Restrict Access to certain IPs in VPN

Mar 21st, 2007

Does anyone know if there is a way to restrict a user to access only a certain number of IPs through PIX when he/she is connecting through a VPN connection set up on the PIX itself?

kaachary Wed, 03/21/2007 - 16:10
User Badges:
  • Cisco Employee,

You need to configure split tunneling for this. Only the IP address defined in the split tunnel ACL will be accessible by the VPN client.

E.G. You want to restrict the clients to access an inside server only, say, and the client pool is

Create an ACL :

access-list split permit ip host

vpngroup split-tunnel split

That should do it. To read more about split tunnel :

*Please rate if it helped.


alexandre.paradis Thu, 03/22/2007 - 05:44

You can also remove the "sysopt connection permit-ipsec" line, and define an inbound ACL to your outside interface.

In that ACL, filter out the traffic from the source IP address (client pool).
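
The two approaches from the replies above, written out as a PIX 6.x configuration. This is an added example, not part of the original thread: the addresses, the vpngroup name `remote`, the pool name `vpnpool`, the ACL names `nonat` and `outside_in`, and the choice of HTTPS as the permitted service are all constructed placeholders.

```cisco
: Constructed values (assumptions, not from the thread):
:   inside server 10.1.1.10, VPN client pool 192.168.100.0/24,
:   vpngroup "remote", pool "vpnpool", allowed service tcp/443.

: --- Approach 1: split-tunnel ACL (first reply) ---
ip local pool vpnpool 192.168.100.1-192.168.100.254
: Source is the protected inside host, destination is the client pool
access-list split permit ip host 10.1.1.10 192.168.100.0 255.255.255.0
: Exempt the same flow from NAT so the server sees pool addresses directly
access-list nonat permit ip host 10.1.1.10 192.168.100.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup remote address-pool vpnpool
vpngroup remote split-tunnel split

: --- Approach 2: filter decrypted traffic on outside (second reply) ---
: Without this sysopt, decrypted IPsec traffic is checked against the
: ACL applied inbound on the outside interface
no sysopt connection permit-ipsec
: Allow the client pool to reach only the one server and service
access-list outside_in permit tcp 192.168.100.0 255.255.255.0 host 10.1.1.10 eq 443
: Explicit deny so blocked attempts show up in "show access-list" hit counts
access-list outside_in deny ip 192.168.100.0 255.255.255.0 any
access-group outside_in in interface outside
```

`sysopt connection permit-ipsec` is a global setting, so removing it subjects every IPsec tunnel terminating on the PIX to the outside ACL, not just this VPN group. If an ACL is already applied inbound on the outside interface, add the entries to that ACL instead of applying a new one.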

